PT-2020-14187 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.12.6; Envoy versions prior to 1.13.4; Envoy versions prior to 1.14.4; Envoy versions prior to 1.15.0. Description: The issue arises when validating TLS certificates, where Envoy incorrectly allows a wildcard DNS Subject...
Unspecified Vulnerability in CloudBees Jenkins GitHub Coverage Reporter Plugin
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release and testing projects and some timed tasks. GitHub Coverage Reporter Plugin is used in one...
Trojans, Backdoors and Droppers: The Most-Analyzed Malware
Trojans, backdoors and droppers, oh my: These are the top three malware types being analyzed by threat intelligence teams, according to statistics out on Thursday. According to anonymized statistics from requests to the Kaspersky Threat Intelligence Portal, almost three quarters (72 percent) of the...
CVE-2020-2212
Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system or read permissions on the system configuration...
Design/Logic Flaw
Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system or read permissions on the system configuration...
CVE-2020-2212
CVE-2020-2212 affects Jenkins GitHub Coverage Reporter Plugin ≤1.8, with secrets stored unencrypted in the global configuration on the Jenkins master. The GitHub access token is saved in io.jenkins.plugins.gcr.PluginConfiguration.xml and can be viewed by anyone with master-file-system access or r...
PT-2020-15427 · Jenkins · Jenkins Github Coverage Reporter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Coverage Reporter Plugin versions 1.8 and earlier; Jenkins GitHub Coverage Reporter Plugin versions 1.10 and earlier. Description: The issue concerns the storage of secrets in plain text in the global configuration file on the...
OSV-2020-388 Stack-use-after-return in bool OT::Coverage::serialize<hb_map_iter_t<hb_map_iter_t<hb_filter_iter_t<OT::Co
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14786 Crash type: Stack-use-after-return READ 4 Crash state: bool OT::Coverage::serialize<hb_map_iter_t<hb_map_iter_t<hb_filter_iter_t<OT::Co bool OT::SingleSubstFormat1::serialize<hb_map_iter_t<hb_map_iter_t<hb_filter_ite bool...
CVE-2020-4023
The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the committerFilter parameter...
XSS in the review coverage resource through the committerFilter parameter - CVE-2020-4023
The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the committerFilter parameter. Affected versions: version 4.8.2 Fixed versions: 4.8.2 4.9.0...
Microsoft Patch Tuesday — May 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw. Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 111 vulnerabilities. Fifteen of the flaws Microsoft disclosed are considered critical. There are also...
Microsoft Threat Protection leads in real-world detection in MITRE ATT&CK evaluation
The latest round of MITRE ATT&CK evaluations proved yet again that Microsoft customers can trust they are fully protected even in the face of such an advanced attack as APT29. When looking at protection results out of the box, without configuration changes, Microsoft Threat Protection (MTP): Provid...
Trend Micro’s Top Ten MITRE Evaluation Considerations
The introduction of the MITRE ATT&CK evaluations is a welcomed addition to the third-party testing arena. The ATT&CK framework, and the evaluations in particular, have gone such a long way in helping advance the security industry as a whole, and the individual security products serving the market...
python27:2.7 security, bug fix, and enhancement update
An update is available for python-pymongo, python2-rpm-macros, python-docutils, pytest, python-psycopg2, python-PyMySQL, python-lxml, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-docs, python-requests, python-mock, python-ipaddress, python-funcsigs, python-py, python-chardet,...